More Pulse Secure VPN Vulnerability Attacks Announced by CISA

Pulse Secure customers have received an advisory from the Cybersecurity and Infrastructure Security Agency (CISA) telling them to apply the patch for CVE-2019-11510, the 2019 Pulse Secure VPN vulnerability.

Cybercriminals continue to attack unpatched Pulse Secure VPN servers, taking advantage of CVE-2019-11510 to install the Sodinokibi (REvil) ransomware. Several attacks were reported in January 2020. Besides encrypting information, the attackers steal the victims’ sensitive data and blackmail them by threatening to expose it. In one instance last week, information from Artech Information Systems was exposed because the company refused to pay the ransom.

CISA continues to see substantial exploitation of CVE-2019-11510 by different threat actors. Some attacks were carried out by nation-state-sponsored advanced persistent threat actors, who exploit the vulnerability primarily to steal information and passwords and to deploy malware.

Successful exploitation of CVE-2019-11510 could allow an unauthorized attacker to remotely access all active VPN users and obtain their plain-text passwords. CISA also points out that an attacker can execute arbitrary code on VPN clients as they connect to an unpatched Pulse Secure VPN server.

Pulse Secure released a bulletin about the vulnerability on April 24, 2019 and made patches available that resolve it in every affected version of Pulse Connect Secure and Pulse Policy Secure. Nonetheless, numerous companies have been slow to apply the patches. Since no mitigation or alternative fix can prevent exploitation of the vulnerability, applying the patches issued by Pulse Secure is the only option.

CISA has advised all companies to apply the patches immediately to prevent exploitation of the vulnerability. Roughly 10% of Pulse Secure customers are vulnerable to an attack because they have not applied the patch.